At 11:44 AM -0400 5/12/10, Joe Abley wrote:
On 2010-05-12, at 09:28, Barry Leiba wrote:
It would be a mistake to build a further array of individual,
uncoordinated extensions to FTP.
I'm actually slightly surprised that anybody is considering enhancements to
FTP in 2010.
I would have thought that given standardised alternatives which are kinder to
firewalls and more secure the logical next step would be to publish guidance
that advises against using FTP, outlines the reasons why, and points people
towards more suitable protocols. Unless I'm missing some use-case where FTP is
actually superior to (say) HTTP, or SSH/SFTP?
The use of FTP dwarfs the use of SFTP by at least two orders of magnitude.
Further, and more troubling, is that there are few if any SFTP servers that
have the same access properties as those common in most FTP servers, namely
that the user who connects can *only* see the contents of the home directory
and below. (Yes, you can sometimes set up SSH/SFTP with this restriction; doing
so is still cumbersome and not well supported on many OSs.)
The use case for FTP remains "password protected access to a limited set of
files where eavesdropping on the password or transferred file contents will not
cause much damage". As SFTP implementations mature, we might consider
suggesting moving away from FTP, but probably not before then.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf